Completeness, Versatility, and Practicality in Role Based Administration

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Completeness, Versatility, and Practicality in Role Based Administration"

Transcription

1 Completeness, Versatility, and Practicality in Role Based Administration Slobodan Vukanović Abstract Applying role based administration to role based access control systems has gained some attention in recent literature. Scoped Administration for Role Based Access Control (SARBAC) puts forward what is claimed to be a complete, versatile, and practical role based administrative model. These attributes are deemed to be key for SARBAC s dynamic, flexible nature. However, SARBAC shuns alternative approaches to role based administration. One such alternative, Graph Based Formalism, is hastily dismissed on the basis that it is not complete, versatile, and practical. This term paper looks at Graph Based Formalism (in particular, using administrative scope in graph based frameworks) from the completeness, versatility, and practicality perspectives, as defined in SARBAC literature. It discusses whether it is reasonable to dismiss Graph Based Formalism in favour of SARBAC in the light of these attributes. 1 Introduction Completeness, versatility, and practicality are important notions in role based access control. They are qualities one undoubtedly keeps in mind when designing role based access control models. Completeness describes how much dynamic change a model allows. Versatility and practicality, although not as clearly defined as completeness, also play an important role in a model s success. This report looks at completeness, versatility, and practicality in SARBAC, a role based access control model introduced in [1], and graph based formalism, which was introduced in [3]. Our motivation is to dismiss claims that graph based formalism is not on equal footing with SARBAC completeness, versatility, and practicality wise. We show why it is not reasonable to make direct comparisons of SAR- 1

2 BAC and graph based formalism. We then turn to administrative scope in a graph based framework, and compare that to SARBAC. Our discussion shows that using administrative scope in graph structures is equivalent to SARBAC, in terms of completeness and versatility. We argue that practicality of administrative scope in graph based frameworks is greater, because of the way operations in the model have been defined. We feel that it is important to distinguish between flexibility and versatility. These are used interchangeably in some literature ([1], for example). For our purposes, flexibility measures how a role based access control model responds to dynamic changes. We are interested in how much work one needs to do to preserve correctness of the model after a dynamic change. If this extra work is negligible, then we are more likely to call such a model flexible. It is a desirable quality if model A is more flexible than model B, then its administration is likely to be easier, as we shall see. Versatility, on the other hand, measures the permissiveness of a model, that is, which operations will succeed and which will fail. There are no formal definitions of these terms, and we will constrain our discussion on relative flexibility and versatility of the models presented herein. That is, instead of claiming flexibility and versatility, we will examine how they are different in one model compared to another. The report is structured as follows. Section 2 provides some background on role based access control and administration for completeness sake. Section 3 looks at SARBAC, while Section 4 examines graph based formalism. The last Section concludes the report. 2 Background 2.1 Role Based Access Control Users of computer systems perform their tasks by accessing system s resources (data and services). Access control defines the ways in which and by whom these resources can be manipulated. Initial research in access control resulted in two models [2]. In Discretionary Access Control (DAC), access control was left to users themselves. A notion of ownership exists in DAC: it was up to the owner (a user) of a particular resource to grant or revoke access to that resource. A drawback of such a mechanism is precisely this concept of ownership. It is nearly always the case that the party who owns the system owns the resources. Individual end users own very little on the system, if anything. The second type, Mandatory Access Control (MAC), defined on each resource a label representing its level of sensitivity. Only 2

3 users with a clearance level corresponding to the label of a resource were granted access to that resource. The applications of MAC outside military systems were rare [2]. The definition of ownership in DAC and narrow applicability of MAC made them unsuitable for use in domains that, like military, require control of acccess to its information. A definition of role based access control (RBAC) was given by Ferraiolo and Kuhn in [2] (note that this publication does not pioneer role based access control). The aim was to provide a standard definition for a suitable model of access control for civilian government and commercial firms. In this model, roles have permissions to act on resources in some way. Users are assigned to roles; users abilities to act upon resources are defined by roles which they are assigned to. Roles can be added, edited, or removed without a need to explicitly add or revoke permissions of individual users. They can be grouped into hierarchies, with parent roles inheriting privileges of children roles. Role hierarchies are orthogonal to authority or responsibility hierarchies found in organizations. 2.2 Administration in Role Based Systems The level of abstraction allowed by RBAC makes it an appealing model for administration. Administration in role based systems defines operations that change the hierarchy. They are a vital part of an RBAC systems, as one needs ways to assign new users to roles, remove users, assign and revoke permissions, etc. Typical administrative operations are summarized in Table 1. These are the basic operations we expect to be available in role based systems. We have chosen these as basic operations because all of them are required to ensure correct administration, as defined by RBAC in [2]. Different models may define additional operations, and many of them do (for example adding and removing of sessions). In addition to these, some operations for changing the way administration is carried out need to be established. For example, we need ways to add or remove roles from administrators administrative ranges. Note that, if we use RBAC to administer RBAC systems, then these operations will be variations of those in Table 1. For example, to stop a role r from being administered by some administrative role a, we may execute RemoveEdge with a and r as arguments. For the remainder of this report, we will say that a role r administers (or controls) some role r if r is able to perform at least one operation from Table 1 on r. We will consider the terms administers and controls to refer to the same concept, so we will use them interchangeably. 3

4 Operation AddRole DeleteRole AddEdge RemoveEdge AssignUser RevokeUser AssignPermission RevokePermission Effects A role is added to the hierarchy. A role is removed from the hierarchy. An edge between two roles in the hierarchy is inserted. An edge between two roles in the hierarchy is deleted. Assigns a user to a role. Revokes a user from a role. Assigns a permission to a role. Revokes a permission from a role. Table 1: Sample administrative operations. Operations above the line change the hierarchy. Operations below the line deal with user role and permission role assignments. 3 SARBAC 3.1 Motivation The motivation behind the development of SARBAC is to build a model which uses RBAC principles to administer RBAC systems. That is, administrative roles are a part of the hierarchy, and they use operations similar to those listed in Table 1 to administer user roles. SARBAC aims at defining a complete, versatile, and practical model, with minimal work needed to preserve the correctness when dynamic changes take place. 3.2 Administrative Scope The notion of administrative scope, which serves as the basis for the SAR- BAC model, defines administrative responsibilities of roles in a role hierarchy. Administrative scope of a role r is a set of roles that r administers. A role hierarchy H = (R, ) is a partial ordering over the set R of roles. As such, it can be represented graphically by a Hasse diagram see Figure 1(a) for an example. Let r = {r R : r r}, and r = {r R : r r}. That is, r denotes the set of all ancestors of r in H, and r denotes the set of all descendants of r in H (by definition of ancestor/descendant, r is an ancestor/descendant of itself). Administrative scope of a role r is then defined as: S(r) = {s R : s r, s\ r r} 4

5 Figure 1(b) is an example from [1], showing the administrative scope of role PL1. Figure 1: Administrative scope example, taken from [1]. (a) A role hierarchy. (b) Administrative scope of PL1 is circled. (c) Changes to administrative scope of PL1 as: (i) role X is added, (ii) role Y is added, and (iii) edge between PE1 and QE1 is added. We agree with [1] that administrative scope provides a natural unit of administration. It is an intuitive and a simple enough concept to describe informally: a descendant of some role belongs in the administrative scope of that role if all paths from the descendant to the top of the hierarchy pass through that role. As the hierarchy dynamically changes, so too does administrative scope of the roles. There is no additional effort involved in checking whether violations of administrative scope exist after a hierarchy changing operation completes. See Figure 1(c) for an example. From our earlier discussion on flexibility, we can see that a model utilizing administrative scope 5

6 has the potential to be very flexible. 3.3 RHA and SARBAC This section briefly looks at Role Hierarchy Administration (RHA) models, and SARBAC, so that further discussion is possible. [1] defines four RHA models in increasing order of sophistication, with RHA 1 being the simplest, and RHA 4 being the most complex. RHA 1 is simply a straight application of administrative scope on the role hierarchy. Each role in the hierarchy has its administrative scope as defined earlier. RHA 1 is not sufficiently expressive to be of much use: every role is an administrative role it administers precisely those roles that are in its administrative scope. This model does not provide ways to circumvent this in applications in which such administration is undesirable. RHA 2 extends RHA 1 by assigning to every role an administrative flag. The value of this flag then determines whether roles are administrators or not. Thus, RHA 2 offers finer granularity than the previous model. RHA 3 introduces an additional binary relation termed admin-authority. Each pair (a, r) admin authority defines an administrative role a, and a role r which a administers. Administrative roles can be viewed as an extension to the original role hierarchy: for each pair (a, r), there is an additional node a and an edge from a to r. Administrative scope of administrative roles now simply becomes the administrative scope as defined earlier, but taken over the existing and extended hierarchies as a whole. We note that existence (nonexistence) of administrative roles provides a variation of the effects of AddRole (DeleteRole) operation from Table 1, from the point of view of the extended (administrative) part of the hierarchy. What is required is some way in which administrative roles can be added, removed, and modified. Indeed, RHA 3 does not say how the admin-authority relation changes. RHA 4 includes two further operations, AddAdminAuthority and DeleteAdminAuthority, thus defining how the relation is modified. AddAdminAuthority adds an edge to the extended hierarchy, so it is a variation of the AddEdge operation we considered in Table 1. Similarly, DeleteAdminAuthority removes an edge from the extended hierarchy, and is thus a variation of the RemoveEdge operation from Table 1. There is no need for AddRole and DeleteRole operations to change, as we do not expect them to make direct modifications to admin-authority. (Their execution however may have effects on the relation; this is discussed soon.) Therefore, they may be reused in the extended hierarchy by providing suitable arguments. 6

7 [1] describes direct updates (i.e. updates via AddAdminAuthority and DeleteAdminAuthority), as well as indirect updates to the extended hierarchy. An indirect update to the extended part of the hierarchy occurs as a consequence of some other changes in the hierarchy, for example when other roles and edges are added or removed. We will not detail cases in which these updates occur, but it is worthwhile to consider their effects on flexibility. When the extended hierarchy is indirectly modified, there may be violations to the admin-authority relation. For example, we may remove some role r by executing DeleteRole. If it is the case that (a, r) admin authority, i.e. there is an edge from r to some administrative role a, a needs to be reconnected to all the other roles lower in the hierarchy that can be reached via r, in order to preserve its administrative scope after r has been removed. Correctness is ensured simply by adding tuples (a, r ) to admin-authority, where r are direct descendants of r. The extra work required is a simple, clean check on the data structures used to implement the model. This is the way side effects of all operations that cause indirect updates are mitigated, so RHA 4 has the potential for greater flexibility over models that are not as elegant. What is missing from RHA 4 is a mechanism to perform user role and permission role assignments. SARBAC extends RHA 4 by introducing the notion of constraints and defining two additional relations, ua-constraints and pa-constraints. ua-constraints is a set of (user, role) tuples that keeps a track of user to role assignments. Similarly, ua-constraints keeps a track of permission to role assignments. A SARBAC constraint is a conjunction of roles from the hierarchy. For a user to satisfy a constraint, it must be assigned to all the roles in the constraint (hence the conjunction), either explicitly or implicitly (by inheritance). Similarly, for a permission to satisfy a constraint, it must be present in all the roles listed in the conjunction, either explicitly or implicitly. (In the case of permissions, the implicit list is a list of ancestors rather than predecessors, since permissions do not inherit but are inherited.) Together with administrative scope, constraints act as an enabling mechanism for the execution of operations that modify ua-constraints and pa-constraints relations. If an assign or a revoke user (role) operation satisfies the administrative scope rules and all the constraints, then it may be executed. For our discussion on flexibility, we note that correctness of ua-constraints and pa-constraints must be preserved during indirect updates, as it was the case with admin-authority. Handling of this is similar to the handling of effects of indirect updates to admin-authority (i.e. we add/remove tuples from ua-constraints and pa-constraints), but some operations cause undesirable changes to con- 7

8 straints. Since handling of the effects of indirect updates is non uniform (i.e. what to do to preserve correctness depends on particular indirect operation, as opposed to RHA 4 ), we feel that some flexibility may be lost. 3.4 Completeness, Versatility, and Practicality An access control model is made up of components. For example, the components of SARBAC are its set of roles, its set of permissions, the admin-authority relation, etc. For dynamic changes to take place, some of these components must change over time. Such components are called dynamic. For example, the set of roles changes dynamically when AddRole and DeleteRole operations are executed. The components that are not changed dynamically are called static. The state of a model at some particular time step are the contents of the dynamic components. When a dynamic change occurs, the model undergoes a change in its state. Completeness is defined in [1] in terms of a function that maps states to states, that is, a function which specifies the state transitions. A model is said to be complete if such a function is defined, or if it can be defined. Versatility and practicality are not formally defined. Versatility is taken to be the permissiveness of a model: if a model A permits the execution of some operations that are restricted in some other model B, then A is said to be more versatile than B. It makes sense that versatility is a desirable quality; it is desirable to have a model which will permit intuitive operations to take place than a model which will require an execution of a few operations before a desired change is made, or a model that will not permit these operations at all. Of course, what is intuitive and what is not is fairly subjective. Practicality is the ability of a model to be implemented and applied to particular situations. We agree that this is another key quality, but we are skeptical about claims of practicality prior to implementation attempts. We are more comfortable with the latter part, since situations in which a model may be applied can be deduced from the specifications of the components. However, we believe that this too is related to implementation: potential applications of a model remain potential until that model is implemented. [1] details a comparison between SARBAC and ARBAC97 [5]. It looks at completeness, practicality, and versatility of both. 1 The argument for completeness is the dynamic nature of SARBAC relations. ARBAC97 s equivalents are not dynamic components. For example, if a new role is added to the hierarchy, how can constraints be imposed on the assignment of users 1 The comparison also includes simplicity. We have omitted this, as we believe that simplicity is even more subjective than practicality. 8

9 (and permissions)?, [1] (p22). We agree with this argument, as completeness defined in [1] certainly enables dynamic changes to occur without any extra work. The argument for versatility is based on looking on the possible ways that operations may fail. It is concluded that many reasonable operations fail in ARBAC97, while they are allowed to occur in SARBAC. Hence, SARBAC is claimed to be more versatile than ARBAC97. The practicality argument comes from the lack of detail in specification of operation of ARBAC97. SARBAC does contain specifications on how to build and administer role hierarchies, but... it is not obvious how ARBAC97 is intended to work, [1] (p26). We will take these arguments as sufficient to convince us that SARBAC is complete, and more versatile and practical than ARBAC97. 4 Graph Based Formalism 4.1 Graph Based Formalism and RBAC This section will briefly overview graph based formalism for RBAC, which was introduced in [3], and discuss the differences of the two approaches. A graph is a pair (V, E), where V is a set of vertices and E is a set of vertex pairs, representing the edges. In graph based formalism, each node and each edge have a type. We represent RBAC by a type graph see Figure 2(a). Some graph G belongs to a class of graphs defined by a graph type if one can find for each node and edge in G the corresponding edge and node type in the type graph [3]. Figure 2(b) is taken from [3], and it shows an RBAC state graph which can be reduced to the type graph in Figure 2(a). Graphs are transformed by graph rules. A graph rule states how a graph G is transformed to a graph H by detailing the changes to an applicable subgraph of G, and the conditions that need to occur in G for the rule to apply. See Figure 2(c) for an example. Differences between SARBAC and graph based formalism prevent us from comparing the two approaches directly. We will insist on referring to graph based formalism as a formalism and SARBAC as a model from now on. Let us make a distinction between what we mean by a formalism and what we mean by a model. We will take the term formalism to refer to a theoretical description (however rigorous it may be) of some sort. We take the term model to mean an abstraction detailing the rules that must be followed in an implementation. As we have seen, graph based formalism is a formalism of RBAC as an idea it uses graph theory and graph transformations to formalize the concepts and operations in RBAC. For every 9

10 Figure 2: (a) A type graph for RBAC, showing how components interact together. (b) An RBAC state graph that reduces to the RBAC type graph. (c) AddUser graph rule. (i) is the subgraph of G that will be modified, and (ii) is the result of the rule. The dashed line in (i) represents a condition for the rule to take place: such an edge must not exist in graph G for the rule to be applicable. 10

11 operation given in Table 1, there is a graph theoretical equivalent. Graph based formalism can thus be used to provide a graph based correctness of RBAC (see Section 5 of [3]). It is also used to define, and prove correctness of models, for example ARBAC97, or a model based on administrative scope (discussed in the next subsection). We feel that it is unjust to dismiss graph based formalism in favor of SARBAC on the grounds of it not being complete, versatile, and practical. We believe that graph based formalism and SARBAC serve different purposes (one being a formalism and the other a model), and are thus not able to be compared directly. It seems to us that completeness, versatility, and practicality are attributes exhibited by models. What we can do is compare a model described by graph based formalism and SARBAC. Obviously, if we map ARBAC97 to graph based formalism (as it was described in [3]), then this comparison becomes the one in [1], and we conclude that SARBAC is superior because it exhibits completeness, versatility, and practicality. It would be interesting to consider a model using the notion of administrative scope described by graph based formalism, and compare that with SAR- BAC. This is done in the next subsection. 4.2 Graph Based Formalism and Administrative Scope [4] shows an application of the concept of administrative scope in graph based frameworks. It maps SARBAC to graph structures. We make a summary of the mapping below, and discuss its completeness, versatility, and practicality in the next subsection. The role hierarchy is a directed graph. There is an edge from a node r to a node r if r is an immediate ancestor of r (that is, r is superior to r ). The admin-authority relation is modeled the same (i.e. by an extended hierarchy), although these edges in extended hierarchy are of a different type than those edges in the original hierarchy; this is useful when preserving correctness after an operation executes. The definition of administrative scope is the same, and the property is checked by the adscope(a, r) procedure. adscope(a, r) recursively checks if every ancestor of r is controlled by a this is the same as saying that every path from r to the top of the hierarchy goes through a, which is our informal notion of administrative scope, as mentioned earlier. Let s see how operations in SARBAC are mapped to graph structures. AddRole and DeleteRole use graph rules from [3] to perform addition and deletion of roles. A check is in place in order to enforce administrative scope. If an administrative role a is adding a role r, then a needs to have admin- 11

12 istrative scope over the roles which will be neighbors of r. Similarly with DeleteRole a needs to have r in its administrative scope (by definition, it also has all the neighbors of r, so this is not checked). [4] also specifies that we need to do some extra work when adding and deleting roles. Namely, when adding a role, we need to make sure that all redundancy is avoided (this is done by a clean graph rule, as defined in [4]), and when deleting a role, we need to make connections between roles which were previously connected via r (this is done by a complete graph rule, as defined in [4]). AddEdge and RemoveEdge are very similar to AddRole and DeleteRole. In this case, appropriate graph rules will be applied, with a forced consistency check. The AddAdminAuthority (DeleteAdminAuthority) rule lets an administrative role a add (remove) some role r from the administrative scope of another administrative role a. In the case of adding r to the scope of a, a check is needed to ensure that both r and a are a s scope, and that r is outside the scope of a. In the case of removing r, a check whether a is in a s administrative scope is required. These two operations then behave exactly the same as AddEdge and RemoveEdge, but on the special, administrative edges (found in the extended part of the hierarchy). A note is required on indirect updates, for our running discussion of flexibility. [4] notes that, since the correctness is ensured after executing the operations by forced consistency checks, one does not have to pay special attention to indirect modifications of the admin-authority relation, and that, therefore, no special treatment is necessary for this case (p5). Although this statement makes the graph based approach to administrative scope sound more flexible than RHA 4, the two are essentially doing the same thing. It is not possible to comment on precise differences in flexibility, since [1] does not give details on how these updates are performed, whereas [4] does define the clean and complete graph rules. For the purposes of user role and permission role assignments, constraints and relations are defined in the same way as for SARBAC. Recall that a constraint is a conjunction of roles. A user satisfies some constraint if it is (explicitly or implicitly) assigned to these roles. Permissions satisfy a constraint in a similar way to users. User assignment is carried in the same way as in SARBAC: the conditions of operations check whether administrative scope holds and whether all the constraints are satisfied. No mention of handling of constraint consistency during indirect updates is made, so we will assume that they are treated the same as in SARBAC. 12

13 4.3 Completeness, Versatility, and Practicality We have seen how RBAC operations, relations, and constraints map to graph structures in the previous subsection. We have seen that effects and enabling conditions of operations in both models are identical. Graph based model of administrative scope does not add any extra functionality to SARBAC. We therefore conclude that both models are identical. Since both models are identical, the completeness and versatility they exhibit must be the same. We have mentioned earlier that SARBAC is complete because the admin-authority relation is dynamic. This is also the case in graph based administrative scope model [4] (p4). They are both complete, according to our earlier definition of completeness. Since all operations will fail or succeed in the same way (they are, after all, same operations), the two models have the same versatility. Practicality is very hard to measure from a model s specification, since the abstraction does not allow all implementation and application issues to be addressed. We argue that, since SARBAC and graph based model of administrative scope are identical, the graph based approach must be at least as practical as SARBAC, however much that may be (see Section 3.4). SARBAC operations are not defined as clearly as operations in the graph based approach. The authors of [1] state that they intend to give operational semantics for [SARBAC] by writing pseudo code functions to implement the SARBAC operations (p30). These operations are already defined in the graph based approach, by using graph rules. This leads us to believe that the graph based model of administrative scope is more practical than SARBAC. 5 Conclusion Although SARBAC is quickly to dismiss graph based formalism on the grounds that it is not complete, versatile, and practical, we have seen how it can be mapped onto a graph based model. From our discussion, we have concluded that not only can graph based formalism define a model on equal footing with SARBAC completeness and versatility wise, but it can also define a more practical model, which enjoys a more detailed operational specification. 13

14 References [1] J. Crampton and G. Loizou. Administrative Scope: A Foundation for Role-Based Administration Models. ACM Transactions on Information and System Security, 3(4): , November [2] D. Ferraiolo, and R. Kuhn. Role-based access control. In 15th NIST- NCSC National Computer Security Conference, pages , Baltimore, MD, October [3] M. Koch, L. V. Mancini, and F. Parisi-Pressice. A Graph Based Formalism for RBAC. ACM Transactions on Information and System Security (TISSEC), 5(3): , August [4] M. Koch, L. V. Mancini, and F. Parisi-Pressice. Administrative Scope in the Graph-based Framework. Proceedings of the ninth ACM symposium on Access Control models and technologies, p97-104, [5] R. Sandhu, V. Bhamidipati, and Q. Munawer. The ARBAC97 model for role based administration of roles. ACM Transactions on Information and System Security 1, 2, ,

Role Based Access Control

Role Based Access Control Role Based Access Control Role-Based Access Control Models. By R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman, IEEE Computer, vol 29(2):38--47, February 1996. The most cited paper in access control!

More information

An Object Oriented Role-based Access Control Model for Secure Domain Environments

An Object Oriented Role-based Access Control Model for Secure Domain Environments International Journal of Network Security, Vol.4, No.1, PP.10 16, Jan. 2007 10 An Object Oriented -based Access Control Model for Secure Domain Environments Cungang Yang Department of Electrical and Computer

More information

Proposed NIST Standard for Role-Based Access Control

Proposed NIST Standard for Role-Based Access Control Proposed NIST Standard for Role-Based Access Control DAVID F. FERRAIOLO National Institute of Standards and Technology RAVI SANDHU SingleSign On. Net and George Mason University, sandhu@gmu.edu or www.list.gmu.edu

More information

Understanding and Developing Role-Based Administrative Models

Understanding and Developing Role-Based Administrative Models Understanding and Developing Role-Based Administrative Models Jason Crampton Technical Report RHUL MA 2005 06 20 April 2005 Royal Holloway University of London Department of Mathematics Royal Holloway,

More information

Chapter 23. Database Security. Security Issues. Database Security

Chapter 23. Database Security. Security Issues. Database Security Chapter 23 Database Security Security Issues Legal and ethical issues Policy issues System-related issues The need to identify multiple security levels 2 Database Security A DBMS typically includes a database

More information

Component visualization methods for large legacy software in C/C++

Component visualization methods for large legacy software in C/C++ Annales Mathematicae et Informaticae 44 (2015) pp. 23 33 http://ami.ektf.hu Component visualization methods for large legacy software in C/C++ Máté Cserép a, Dániel Krupp b a Eötvös Loránd University mcserep@caesar.elte.hu

More information

CHAPTER 22 Database Security Integration Using Role-Based Access Control

CHAPTER 22 Database Security Integration Using Role-Based Access Control CHAPTER 22 Database Security Integration Using Role-Based Access Control Sylvia Osborn Department of Computer Science, The University of Western Ontario London, Ontario, Canada, N6A-5B7 svlvia@csd.uwo.ca

More information

Fall 2010/Lecture 30 1

Fall 2010/Lecture 30 1 CS 426 (Fall 2010) Role Based Access Control Fall 2010/Lecture 30 1 Background: Role Based Access Control Non-role-based systems Users: Alice Bob Carl Dave Eva Permissions: DB2 WebSphere Windows Account

More information

A Critique of the ANSI Standard on Role Based Access Control

A Critique of the ANSI Standard on Role Based Access Control A Critique of the ANSI Standard on Role Based Access Control Ninghui Li Ji-Won Byun Elisa Bertino CERIAS and Department of Computer Science Purdue University 656 Oval Drive, West Lafayette, IN 47907-2086

More information

Role-based access control. RBAC: Motivations

Role-based access control. RBAC: Motivations Role-based access control 1 RBAC: Motivations Complexity of security administration For large number of subjects and objects, the number of authorizations can become extremely large For dynamic user population,

More information

Jonathan D. Moffett Department of Computer Science University of York York, United Kingdom

Jonathan D. Moffett Department of Computer Science University of York York, United Kingdom To appear at ACM SACMAT 2002 A Lightweight Approach to Specification and Analysis of Role-based Access Control Extensions (2) Andreas Schaad Department of Computer Science University of York York, United

More information

JOURNAL OF OBJECT TECHNOLOGY

JOURNAL OF OBJECT TECHNOLOGY JOURNAL OF OBJECT TECHNOLOGY Online at http://www.jot.fm. Published by ETH Zurich, Chair of Software Engineering JOT, 2004 Vol. 3, no. 3, March-April 2004 L n RBAC: A Multiple-Levelled Role- Based Access

More information

Access Control Matrix

Access Control Matrix Access Control Matrix List all proceses and files in a matrix Each row is a process ( subject ) Each column is a file ( object ) Each matrix entry is the access rights that subject has for that object

More information

Role-based Authorization Constraints Specification Using Object Constraint Language

Role-based Authorization Constraints Specification Using Object Constraint Language Role-based Authorization Constraints Specification Using Object Constraint Language Gail-Joon Ahn Department of Computer Science University of North Carolina at Charlotte gahn@uncc.edu Michael. E. Shin

More information

Access Control Models Part I. Murat Kantarcioglu UT Dallas

Access Control Models Part I. Murat Kantarcioglu UT Dallas UT DALLAS Erik Jonsson School of Engineering & Computer Science Access Control Models Part I Murat Kantarcioglu UT Dallas Introduction Two main categories: Discretionary Access Control Models (DAC) Definition:

More information

Role Based Access Control (RBAC) Nicola Zannone

Role Based Access Control (RBAC) Nicola Zannone Role Based Access Control (RBAC) Nicola Zannone 1 DAC and MAC Discretionary Access Control (DAC) Access control determined by the owner of an object Oner can delegate access rights to other users Access

More information

Delta Analysis of Role-Based Access Control Models

Delta Analysis of Role-Based Access Control Models Delta Analysis of Role-Based Access Control Models Maria Leitner University of Vienna, Austria Faculty of Computer Science maria.leitner@univie.ac.at Abstract. Role-based Access Control (RBAC) is de facto

More information

Role based access control in a telecommunications operations and maintenance network

Role based access control in a telecommunications operations and maintenance network Final thesis Role based access control in a telecommunications operations and maintenance network Performed for Ericsson AB by Peter Gunnarsson LITH-IDA-EX 05/012 SE 2005-03-01 Final thesis Role based

More information

On the Security of Delegation in Access Control Systems

On the Security of Delegation in Access Control Systems On the Security of Delegation in Access Control Systems Qihua Wang, Ninghui Li, and Hong Chen Department of Computer Science, Purdue University {wangq, ninghui, chen131}@cs.purdue.edu Abstract. Delegation

More information

Access Control Basics. Murat Kantarcioglu

Access Control Basics. Murat Kantarcioglu UT DALLAS Erik Jonsson School of Engineering & Computer Science Access Control Basics Murat Kantarcioglu Access Control - basic concepts An access control system regulates the operations that can be executed

More information

Introduction to Computer Security

Introduction to Computer Security Introduction to Computer Security Access Control and Authorization Pavel Laskov Wilhelm Schickard Institute for Computer Science Resource access recapitulated 1. Identification Which object O requests

More information

Access Control Fundamentals

Access Control Fundamentals C H A P T E R 2 Access Control Fundamentals An access enforcement mechanism authorizes requests (e.g., system calls) from multiple subjects (e.g., users, processes, etc.) to perform operations (e.g., read,,

More information

A first step towards modeling semistructured data in hybrid multimodal logic

A first step towards modeling semistructured data in hybrid multimodal logic A first step towards modeling semistructured data in hybrid multimodal logic Nicole Bidoit * Serenella Cerrito ** Virginie Thion * * LRI UMR CNRS 8623, Université Paris 11, Centre d Orsay. ** LaMI UMR

More information

Spatial Domains for the Administration of Location-based Access Control Policies

Spatial Domains for the Administration of Location-based Access Control Policies Spatial Domains for the Administration of Location-based Access Control Policies Maria Luisa Damiani Elisa Bertino Claudio Silvestri April 24, 2008 University of Milan, Via Comelico 39, 20135 Milan,Italy,Tel.+39

More information

Risk-Aware Role-Based Access Control

Risk-Aware Role-Based Access Control Risk-Aware Role-Based Access Control Liang Chen Jason Crampton Information Security Group, Royal Holloway, University of London 7th International Workshop on Security and Trust Management Risk-Aware RBAC

More information

Meta Model Based Integration of Role-Based and Discretionary Access Control Using Path Expressions

Meta Model Based Integration of Role-Based and Discretionary Access Control Using Path Expressions Meta Model Based Integration of Role-Based and Discretionary Access Control Using Path Expressions Kathrin Lehmann, Florian Matthes Chair for Software Engineering for Business Information Systems Technische

More information

Fairness in Routing and Load Balancing

Fairness in Routing and Load Balancing Fairness in Routing and Load Balancing Jon Kleinberg Yuval Rabani Éva Tardos Abstract We consider the issue of network routing subject to explicit fairness conditions. The optimization of fairness criteria

More information

THE IMPACT OF INHERITANCE ON SECURITY IN OBJECT-ORIENTED DATABASE SYSTEMS

THE IMPACT OF INHERITANCE ON SECURITY IN OBJECT-ORIENTED DATABASE SYSTEMS THE IMPACT OF INHERITANCE ON SECURITY IN OBJECT-ORIENTED DATABASE SYSTEMS David L. Spooner Computer Science Department Rensselaer Polytechnic Institute Troy, New York 12180 The object-oriented programming

More information

Role-Based Access Controls

Role-Based Access Controls Role-Based Access Controls Reprinted from 15th National Computer Security Conference (1992) Baltimore, Oct 13-16, 1992. pp. 554-563 David F. Ferraiolo and D. Richard Kuhn National Institute of Standards

More information

A logical approach to dynamic role-based access control

A logical approach to dynamic role-based access control A logical approach to dynamic role-based access control Philippe Balbiani Yannick Chevalier Marwa El Houri Abstract Since its formalization RBAC has become the yardstick for the evaluation of access control

More information

Administration of Access Control in Information Systems Using URBAC Model

Administration of Access Control in Information Systems Using URBAC Model JOURNAL OF APPLIED COMPUTER SCIENCE Vol. 19 No. 2 (2011), pp. 89-109 Administration of Access Control in Information Systems Using URBAC Model Aneta Poniszewska-Marańda Institute of Information Technology

More information

Best Practices, Procedures and Methods for Access Control Management. Michael Haythorn

Best Practices, Procedures and Methods for Access Control Management. Michael Haythorn Best Practices, Procedures and Methods for Access Control Management Michael Haythorn July 13, 2013 Table of Contents Abstract... 2 What is Access?... 3 Access Control... 3 Identification... 3 Authentication...

More information

Leveraging UML for Security Engineering and Enforcement in a Collaboration on Duty and Adaptive Workflow Model that Extends NIST RBAC

Leveraging UML for Security Engineering and Enforcement in a Collaboration on Duty and Adaptive Workflow Model that Extends NIST RBAC Leveraging UML for Security Engineering and Enforcement in a Collaboration on Duty and Adaptive Workflow Model that Extends NIST RBAC S. Berhe 1, S. Demurjian 1, S. Gokhale 1, J. Pavlich-Mariscal 2,3,

More information

Security and Cryptography 1. Stefan Köpsell, Thorsten Strufe. Module 8:Access Control and Authentication

Security and Cryptography 1. Stefan Köpsell, Thorsten Strufe. Module 8:Access Control and Authentication Security and Cryptography 1 Stefan Köpsell, Thorsten Strufe Module 8:Access Control and Authentication Disclaimer: large parts from Stefan Katzenbeisser, Günter Schäfer Dresden, WS 14/15 Reprise from the

More information

Lecture 17 : Equivalence and Order Relations DRAFT

Lecture 17 : Equivalence and Order Relations DRAFT CS/Math 240: Introduction to Discrete Mathematics 3/31/2011 Lecture 17 : Equivalence and Order Relations Instructor: Dieter van Melkebeek Scribe: Dalibor Zelený DRAFT Last lecture we introduced the notion

More information

COLORED GRAPHS AND THEIR PROPERTIES

COLORED GRAPHS AND THEIR PROPERTIES COLORED GRAPHS AND THEIR PROPERTIES BEN STEVENS 1. Introduction This paper is concerned with the upper bound on the chromatic number for graphs of maximum vertex degree under three different sets of coloring

More information

Part III. Access Control Fundamentals

Part III. Access Control Fundamentals Part III Access Control Fundamentals Sadeghi, Cubaleska @RUB, 2008-2009 Course Operating System Security Access Control Fundamentals 105 / 148 10 3.1 Authentication and Access Control 11 Examples for DAC

More information

Scalable Automated Symbolic Analysis of Administrative Role-Based Access Control Policies by SMT solving

Scalable Automated Symbolic Analysis of Administrative Role-Based Access Control Policies by SMT solving Scalable Automated Symbolic Analysis of Administrative Role-Based Access Control Policies by SMT solving Alessandro Armando 1,2 and Silvio Ranise 2, 1 DIST, Università degli Studi di Genova, Italia 2 Security

More information

Role-Based Access Control Approaches In Mangodb 2.4 and Informix Online Dynamic Server Version 7.2

Role-Based Access Control Approaches In Mangodb 2.4 and Informix Online Dynamic Server Version 7.2 Role-Based Access Control Approaches In Mangodb 2.4 and Informix Online Dynamic Server Version 7.2 Abubakar Sulaiman Gezawa 1, Ahmed Aliyu 2, Tong Yujun 3, Saifullahi Aminu Bello 4, Abubakar Ado 5 System

More information

Comparing Simple Role Based Access Control Models and Access Control Lists. Abstract. 1 Introduction

Comparing Simple Role Based Access Control Models and Access Control Lists. Abstract. 1 Introduction Comparing Simple Role Based Access Control Models and Access Control Lists John Barkley National Institute of Standards and Technology Gait hersburg MD 20899 (301) 975-3346 j barkleyanist.gov Abstract

More information

Chapter 7 Application Protocol Reference Architecture

Chapter 7 Application Protocol Reference Architecture Application Protocol Reference Architecture Chapter 7 Application Protocol Reference Architecture This chapter proposes an alternative reference architecture for application protocols. The proposed reference

More information

On XACML, role-based access control, and health grids

On XACML, role-based access control, and health grids On XACML, role-based access control, and health grids 01 On XACML, role-based access control, and health grids D. Power, M. Slaymaker, E. Politou and A. Simpson On XACML, role-based access control, and

More information

The CRUD Security Matrix: A Technique for Documenting Access Rights

The CRUD Security Matrix: A Technique for Documenting Access Rights The CRUD Security Matrix: A Technique for Documenting Access Rights Dale L. Lunsford, Michael R. Collins Phillips School of Business High Point University Abstract The CRUD matrix is an excellent technique

More information

SECURITY MODELS FOR OBJECT-ORIENTED DATA BASES

SECURITY MODELS FOR OBJECT-ORIENTED DATA BASES 82-10-44 DATA SECURITY MANAGEMENT SECURITY MODELS FOR OBJECT-ORIENTED DATA BASES James Cannady INSIDE: BASICS OF DATA BASE SECURITY; Discretionary vs. Mandatory Access Control Policies; Securing a RDBMS

More information

Compact Representations and Approximations for Compuation in Games

Compact Representations and Approximations for Compuation in Games Compact Representations and Approximations for Compuation in Games Kevin Swersky April 23, 2008 Abstract Compact representations have recently been developed as a way of both encoding the strategic interactions

More information

TRBAC: A Temporal Role-Based Access Control Model

TRBAC: A Temporal Role-Based Access Control Model TRBAC: A Temporal Role-Based Access Control Model ELISA BERTINO and PIERO ANDREA BONATTI University of Milano, Italy and ELENA FERRARI University of Insubria, Como, Italy Role-based access control (RBAC)

More information

Keywords: Regression testing, database applications, and impact analysis. Abstract. 1 Introduction

Keywords: Regression testing, database applications, and impact analysis. Abstract. 1 Introduction Regression Testing of Database Applications Bassel Daou, Ramzi A. Haraty, Nash at Mansour Lebanese American University P.O. Box 13-5053 Beirut, Lebanon Email: rharaty, nmansour@lau.edu.lb Keywords: Regression

More information

2. Basic Relational Data Model

2. Basic Relational Data Model 2. Basic Relational Data Model 2.1 Introduction Basic concepts of information models, their realisation in databases comprising data objects and object relationships, and their management by DBMS s that

More information

Bell & LaPadula Model Security Policy Bell & LaPadula Model Types of Access Permission Matrix

Bell & LaPadula Model Security Policy Bell & LaPadula Model Types of Access Permission Matrix 1 Security Policy A document that expresses clearly and concisely what the protection mechanisms are to achieve A statement of the security we expect the system to enforce Bell & LaPadula Model Formalization

More information

Advanced Features for Enterprise-Wide Role-Based Access Control

Advanced Features for Enterprise-Wide Role-Based Access Control Advanced Features for Enterprise-Wide -Based Access Control Axel Kern Systor Security Solutions GmbH Hermann-Heinrich-Gossen-Str. 3 50858 Köln, Germany axel.kern@systorsecurity.com Abstract The administration

More information

1. Relevant standard graph theory

1. Relevant standard graph theory Color identical pairs in 4-chromatic graphs Asbjørn Brændeland I argue that, given a 4-chromatic graph G and a pair of vertices {u, v} in G, if the color of u equals the color of v in every 4-coloring

More information

High level conflict management strategies in advanced access control models

High level conflict management strategies in advanced access control models Replace this file with prentcsmacro.sty for your meeting, or with entcsmacro.sty for your meeting. Both can be found at the ENTCS Macro Home Page. High level conflict management strategies in advanced

More information

Role Engineering: The Cornerstone of Role- Based Access Control DECEMBER 2009

Role Engineering: The Cornerstone of Role- Based Access Control DECEMBER 2009 WHITE PAPER: ROLE ENGINEERING AND ROLE-BASED ACCESS CONTROL Role Engineering: The Cornerstone of Role- Based Access Control DECEMBER 2009 Srinivasan Vanamali, CISA, CISSP CA SERVICES Table of Contents

More information

Hierarchical Role Graph Model for UNIX Access Control

Hierarchical Role Graph Model for UNIX Access Control Hierarchical Role Graph Model for UNIX Access Control Abderrahim Ghadi 1, 2, Driss Mammass 1, Maurice Mignotte 2, and Alain Sartout 2 1 Irf-Sic Fsa, Ibn Zohr University, Morocco 2 Irma, University of Strasbourg,

More information

Security Analysis in Role-Based Access Control

Security Analysis in Role-Based Access Control Security Analysis in Role-Based Access Control NINGHUI LI Purdue University and MAHESH V. TRIPUNITARA Motorola Labs The administration of large role-based access control (RBAC) systems is a challenging

More information

6. Conclusion. Distribution: - What are the implications of the model for operation in a distributed environment?

6. Conclusion. Distribution: - What are the implications of the model for operation in a distributed environment? Distribution: - What are the implications of the model for operation in a distributed environment? 6. Conclusion We have proposed a model that provides flexible and integrated support for version management

More information

Cryptographic Enforcement of Role-Based Access Control

Cryptographic Enforcement of Role-Based Access Control Cryptographic Enforcement of Role-Based Access Control Jason Crampton Information Security Group, Royal Holloway, University of London jason.crampton@rhul.ac.uk Abstract. Many cryptographic schemes have

More information

Purpose Based Access Control for Privacy Protection in Relational Database Systems

Purpose Based Access Control for Privacy Protection in Relational Database Systems VLDB Journal manuscript No. (will be inserted by the editor) Purpose Based Access Control for Privacy Protection in Relational Database Systems Ji-Won Byun, Ninghui Li CERIAS and Department of Computer

More information

Originator Control in Usage Control *

Originator Control in Usage Control * Originator Control in Usage Control * Jaehong Park Laboratory for Information Security Technology ISE Department, MS4A4 George Mason University, Fairfax, VA 22030 jaehpark@ise.gmu.edu, www.list.gmu.edu/park

More information

Policy Analysis for Administrative Role Based Access Control without Separate Administration

Policy Analysis for Administrative Role Based Access Control without Separate Administration Policy nalysis for dministrative Role Based ccess Control without Separate dministration Ping Yang Department of Computer Science, State University of New York at Binghamton, US Mikhail I. Gofman Department

More information

Role Based Access Control: Adoption and Implementation in the Developing World

Role Based Access Control: Adoption and Implementation in the Developing World Role Based Access Control: Adoption and Implementation in the Developing World By Loy A.K. Muhwezi Master s Thesis in Computer Science Thesis number: Supervised By Dr. Martijn Oostdijk Radboud University

More information

Secure Role-Based Access Control on Encrypted Data in Cloud Storage using Raspberry PI

Secure Role-Based Access Control on Encrypted Data in Cloud Storage using Raspberry PI Volume: 2, Issue: 7, 20-27 July 2015 www.allsubjectjournal.com e-issn: 2349-4182 p-issn: 2349-5979 Impact Factor: 3.762 Miss Rohini Vidhate Savitribai Phule Pune University. Mr. V. D. Shinde Savitribai

More information

Domain Model for Identity Management

Domain Model for Identity Management 1 2 Domain Model for Identity Management This document introduces entities and relationships common to the domain of identity management. Organization Group belongs-to member-of performs owns confers Account

More information

INFO/CS 330: Applied Database Systems

INFO/CS 330: Applied Database Systems INFO/CS 330: Applied Database Systems Introduction to Database Security Johannes Gehrke johannes@cs.cornell.edu http://www.cs.cornell.edu/johannes Introduction to DB Security Secrecy:Users should not be

More information

Max Flow, Min Cut, and Matchings (Solution)

Max Flow, Min Cut, and Matchings (Solution) Max Flow, Min Cut, and Matchings (Solution) 1. The figure below shows a flow network on which an s-t flow is shown. The capacity of each edge appears as a label next to the edge, and the numbers in boxes

More information

Role-Based Access Control (RBAC): Features and Motivations

Role-Based Access Control (RBAC): Features and Motivations Role-Based Access Control (RBAC): Features and Motivations David F. Ferraiolo, Janet A. Cugini, D. Richard Kuhn National Institute of Standards and Technology U. S. Department of Commerce Gaithersburg

More information

How Can Data Sources Specify Their Security Needs to a Data Warehouse?

How Can Data Sources Specify Their Security Needs to a Data Warehouse? How Can Data Sources Specify Their Security Needs to a Data Warehouse? Arnon Rosenthal The MITRE Corporation arnie@mitre.org Edward Sciore Boston College (and MITRE) sciore@bc.edu Abstract In current warehouse

More information

LRBAC: A Location-Aware Role-Based Access Control Model

LRBAC: A Location-Aware Role-Based Access Control Model LRBAC: A Location-Aware Role-Based Access Control Model Indrakshi Ray, Mahendra Kumar, and Lijun Yu Department of Computer Science Colorado State University Fort Collins, CO 80523-1873 iray,kumar,lijun

More information

Database Security and Authorization

Database Security and Authorization Database Security and Authorization 1 Database Security and Authorization 1.1 Introduction to Database Security Issues 1.2 Types of Security 1.3 Database Security and DBA 1.4 Access Protection, User Accounts,

More information

Database Security. Soon M. Chung Department of Computer Science and Engineering Wright State University schung@cs.wright.

Database Security. Soon M. Chung Department of Computer Science and Engineering Wright State University schung@cs.wright. Database Security Soon M. Chung Department of Computer Science and Engineering Wright State University schung@cs.wright.edu 937-775-5119 Goals of DB Security Integrity: Only authorized users should be

More information

Lecture 7: Concurrency control. Rasmus Pagh

Lecture 7: Concurrency control. Rasmus Pagh Lecture 7: Concurrency control Rasmus Pagh 1 Today s lecture Concurrency control basics Conflicts and serializability Locking Isolation levels in SQL Optimistic concurrency control Transaction tuning Transaction

More information

A Sublinear Bipartiteness Tester for Bounded Degree Graphs

A Sublinear Bipartiteness Tester for Bounded Degree Graphs A Sublinear Bipartiteness Tester for Bounded Degree Graphs Oded Goldreich Dana Ron February 5, 1998 Abstract We present a sublinear-time algorithm for testing whether a bounded degree graph is bipartite

More information

Access control for data integration in presence of data dependencies. Mehdi Haddad, Mohand-Saïd Hacid

Access control for data integration in presence of data dependencies. Mehdi Haddad, Mohand-Saïd Hacid Access control for data integration in presence of data dependencies Mehdi Haddad, Mohand-Saïd Hacid 1 Outline Introduction Motivating example Related work Approach Detection phase (Re)configuration phase

More information

BM482E Introduction to Computer Security

BM482E Introduction to Computer Security BM482E Introduction to Computer Security Lecture 7 Database and Operating System Security Mehmet Demirci 1 Summary of Lecture 6 User Authentication Passwords Password storage Password selection Token-based

More information

On the k-path cover problem for cacti

On the k-path cover problem for cacti On the k-path cover problem for cacti Zemin Jin and Xueliang Li Center for Combinatorics and LPMC Nankai University Tianjin 300071, P.R. China zeminjin@eyou.com, x.li@eyou.com Abstract In this paper we

More information

The Economic Impact of Role-Based Access Control

The Economic Impact of Role-Based Access Control The Economic Impact of Role-Based Access Control Final Report SUBMITTED TO: Gregory Tassey, Ph.D. National Institute of Standards and Technology Acquisition and Assistance Division Building 101, Room A1000

More information

Criticality of Schedule Constraints Classification and Identification Qui T. Nguyen 1 and David K. H. Chua 2

Criticality of Schedule Constraints Classification and Identification Qui T. Nguyen 1 and David K. H. Chua 2 Criticality of Schedule Constraints Classification and Identification Qui T. Nguyen 1 and David K. H. Chua 2 Abstract In construction scheduling, constraints among activities are vital as they govern the

More information

Role-Based Access Control Requirements Model with Purpose Extension

Role-Based Access Control Requirements Model with Purpose Extension Role-Based Access Control Requirements Model with Purpose Extension Faranak Farzad 1, Eric Yu Faculty of Information Studies University of Toronto, Canada Patrick C. K. Hung Faculty of Business and Information

More information

Database Management System Dr. S. Srinath Department of Computer Science & Engineering Indian Institute of Technology, Madras Lecture No.

Database Management System Dr. S. Srinath Department of Computer Science & Engineering Indian Institute of Technology, Madras Lecture No. Database Management System Dr. S. Srinath Department of Computer Science & Engineering Indian Institute of Technology, Madras Lecture No. # 7 ER Model to Relational Mapping Hello and welcome to the next

More information

An Application of Integrating Role and Lattice Based Access Control in Database Engineering

An Application of Integrating Role and Lattice Based Access Control in Database Engineering An Application of Integrating Role and Lattice Based Access Control in Database Engineering Ioannis Mavridis 1, George Pangalos 2, Stavros Kortesis 2 and Isabella Kotini 3 1 Department of Applied Informatics

More information

Risk-Aware Role-Based Access Control

Risk-Aware Role-Based Access Control Risk-Aware Role-Based Access Control Liang Chen and Jason Crampton Information Security Group and Department of Mathematics Royal Holloway, University of London {liang.chen.2005,jason.crampton}@rhul.ac.uk

More information

A COMBINED FINE-GRAINED AND ROLE-BASED ACCESS CONTROL MECHANISM HONGI CHANDRA TJAN. Bachelor of Science. Oklahoma State University

A COMBINED FINE-GRAINED AND ROLE-BASED ACCESS CONTROL MECHANISM HONGI CHANDRA TJAN. Bachelor of Science. Oklahoma State University A COMBINED FINE-GRAINED AND ROLE-BASED ACCESS CONTROL MECHANISM By HONGI CHANDRA TJAN Bachelor of Science Oklahoma State University Stillwater, Oklahoma 200 Submitted to the faculty of the Graduate College

More information

MarkLogic Server. Understanding and Using Security Guide. MarkLogic 8 February, 2015. Copyright 2015 MarkLogic Corporation. All rights reserved.

MarkLogic Server. Understanding and Using Security Guide. MarkLogic 8 February, 2015. Copyright 2015 MarkLogic Corporation. All rights reserved. Understanding and Using Security Guide 1 MarkLogic 8 February, 2015 Last Revised: 8.0-1, February, 2015 Copyright 2015 MarkLogic Corporation. All rights reserved. Table of Contents Table of Contents Understanding

More information

An Empirical Study of Two MIS Algorithms

An Empirical Study of Two MIS Algorithms An Empirical Study of Two MIS Algorithms Email: Tushar Bisht and Kishore Kothapalli International Institute of Information Technology, Hyderabad Hyderabad, Andhra Pradesh, India 32. tushar.bisht@research.iiit.ac.in,

More information

Network Model APPENDIXD. D.1 Basic Concepts

Network Model APPENDIXD. D.1 Basic Concepts APPENDIXD Network Model In the relational model, the data and the relationships among data are represented by a collection of tables. The network model differs from the relational model in that data are

More information

ROLE HIERARCHY ROLES SESSIONS.. roles AR ADMINIS- TRATIVE ROLES ARH ADMINISTRATIVE ADMINISTRATIVE ROLE HIERARCHY

ROLE HIERARCHY ROLES SESSIONS.. roles AR ADMINIS- TRATIVE ROLES ARH ADMINISTRATIVE ADMINISTRATIVE ROLE HIERARCHY Proceedings of 3rd ACM Workshop on Role-Based Access Control, Fairfax, Virginia, October 22-23, 1998 An Oracle Implementation of the PRA97 Model for Permission-Role Assignment Ravi Sandhu and Venkata Bhamidipati

More information

83-10-20 Role-Based Access Control in Real Systems Tom Parker Chris Sundt Payoff

83-10-20 Role-Based Access Control in Real Systems Tom Parker Chris Sundt Payoff 83-10-20 Role-Based Access Control in Real Systems Tom Parker Chris Sundt Payoff Role-based access control can be used to support the real-world access control requirements of a distributed system. This

More information

A Presentation of Access Control Methods

A Presentation of Access Control Methods Chapter 2 A Presentation of Access Control Methods Those who are enamored of practice without theory are like a pilot who goes into a ship without rudder or compass and never has any certainty where he

More information

Database design theory, Part I

Database design theory, Part I Database design theory, Part I Functional dependencies Introduction As we saw in the last segment, designing a good database is a non trivial matter. The E/R model gives a useful rapid prototyping tool,

More information

Database Management System Dr. S. Srinath Department of Computer Science & Engineering Indian Institute of Technology, Madras Lecture No.

Database Management System Dr. S. Srinath Department of Computer Science & Engineering Indian Institute of Technology, Madras Lecture No. Database Management System Dr. S. Srinath Department of Computer Science & Engineering Indian Institute of Technology, Madras Lecture No. # 8 Functional Dependencies and Normal Forms Two different kinds

More information

APLRAC: A PATTERN LANGUAGE FOR DESIGNING AND IMPLEMENTING ROLE-BASED ACCESS CONTROL

APLRAC: A PATTERN LANGUAGE FOR DESIGNING AND IMPLEMENTING ROLE-BASED ACCESS CONTROL APLRAC: A PATTERN LANGUAGE FOR DESIGNING AND IMPLEMENTING ROLE-BASED ACCESS CONTROL Saluka R. Kodituwakku 1, Peter Bertok 1, and Liping Zhao 2 1 Department of Computer Science RMIT University, Australia

More information

Class One: Degree Sequences

Class One: Degree Sequences Class One: Degree Sequences For our purposes a graph is a just a bunch of points, called vertices, together with lines or curves, called edges, joining certain pairs of vertices. Three small examples of

More information

CS 188: Artificial Intelligence. Probability recap

CS 188: Artificial Intelligence. Probability recap CS 188: Artificial Intelligence Bayes Nets Representation and Independence Pieter Abbeel UC Berkeley Many slides over this course adapted from Dan Klein, Stuart Russell, Andrew Moore Conditional probability

More information

Mathematics for Computer Science/Software Engineering. Notes for the course MSM1F3 Dr. R. A. Wilson

Mathematics for Computer Science/Software Engineering. Notes for the course MSM1F3 Dr. R. A. Wilson Mathematics for Computer Science/Software Engineering Notes for the course MSM1F3 Dr. R. A. Wilson October 1996 Chapter 1 Logic Lecture no. 1. We introduce the concept of a proposition, which is a statement

More information

GRAPH THEORY LECTURE 4: TREES

GRAPH THEORY LECTURE 4: TREES GRAPH THEORY LECTURE 4: TREES Abstract. 3.1 presents some standard characterizations and properties of trees. 3.2 presents several different types of trees. 3.7 develops a counting method based on a bijection

More information

So today we shall continue our discussion on the search engines and web crawlers. (Refer Slide Time: 01:02)

So today we shall continue our discussion on the search engines and web crawlers. (Refer Slide Time: 01:02) Internet Technology Prof. Indranil Sengupta Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Lecture No #39 Search Engines and Web Crawler :: Part 2 So today we

More information

Security and Authorization. Introduction to DB Security. Access Controls. Chapter 21

Security and Authorization. Introduction to DB Security. Access Controls. Chapter 21 Security and Authorization Chapter 21 Database Management Systems, 3ed, R. Ramakrishnan and J. Gehrke 1 Introduction to DB Security Secrecy: Users should not be able to see things they are not supposed

More information

Database Management System Dr. S. Srinath Department of Computer Science & Engineering Indian Institute of Technology, Madras Lecture No.

Database Management System Dr. S. Srinath Department of Computer Science & Engineering Indian Institute of Technology, Madras Lecture No. Database Management System Dr. S. Srinath Department of Computer Science & Engineering Indian Institute of Technology, Madras Lecture No. # 2 Conceptual Design Greetings to you all. We have been talking

More information

A Model for Context-dependent Access Control for Web-based Services with Role-based Approach

A Model for Context-dependent Access Control for Web-based Services with Role-based Approach A Model for Context-dependent Access Control for Web-based Services with Role-based Approach Ruben Wolf, Thomas Keinz, Markus Schneider FhG Institute for Secure Telecooperation (SIT), 64293 Darmstadt,

More information

Chapter 10. Matching Markets. 10.1 Bipartite Graphs and Perfect Matchings

Chapter 10. Matching Markets. 10.1 Bipartite Graphs and Perfect Matchings From the book Networks, Crowds, and Markets: Reasoning about a Highly Connected World. By David Easley and Jon Kleinberg. Cambridge University Press, 2010. Complete preprint on-line at http://www.cs.cornell.edu/home/kleinber/networks-book/

More information